Technical Tip: FortiWeb sessions remain active with zero KB sent/received
| Description | This article describes a scenario in which FortiWeb sessions remain active with zero KB sent/received, even when the client timeout is configured. |
| Scope | FortiWeb. |
| Solution | In some scenarios, a user might observe established sessions on FortiWeb that carry no traffic but never time out. This can happen even when client-timeout is configured under the server policy.
Whenever a client completes a TCP 3-way handshake with a server behind FortiWeb but does not send an HTTP request, the session will not time out automatically and will remain active with zero KB sent/received. This happens because, by default, FortiWeb sends keepalives every 60 seconds to each session, which keeps the session alive until a closure is received from the client's end.
To close such idle sessions, another command is needed under the server policy: 'tcp-recv-timeout' will cause the session to be closed after the threshold when no HTTP/HTTPS request is received:
    config server-policy policy
      edit "<policy_name>"
        set tcp-recv-timeout <seconds_int>
    end
Related document: server-policy policy |
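To confirm that the timeout takes effect, the following added example (not from the original article or from Fortinet) completes a TCP handshake, sends no HTTP request, and measures how long the peer takes to close the connection. The function names are hypothetical, and `start_stub_server` is a constructed local stand-in for a listener that enforces a receive timeout, so the script runs offline.

```python
import socket
import threading
import time

def start_stub_server(recv_timeout):
    """Constructed stand-in: closes a connection if no bytes arrive in time."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.settimeout(recv_timeout)   # plays the role of tcp-recv-timeout
        try:
            conn.recv(1)                # wait for the first request byte
        except socket.timeout:
            pass                        # nothing received: drop the session
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def probe_idle_close(host, port, max_wait):
    """Connect, send nothing, and return the seconds until the peer closes.

    Returns None if the connection is still open after max_wait seconds,
    which is the symptom described in the article.
    """
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=max_wait) as s:
        while True:
            remaining = max_wait - (time.monotonic() - start)
            if remaining <= 0:
                return None
            s.settimeout(remaining)
            try:
                if s.recv(4096) == b"":          # orderly close (FIN)
                    return time.monotonic() - start
            except socket.timeout:
                return None
            except ConnectionResetError:         # abortive close (RST)
                return time.monotonic() - start

if __name__ == "__main__":
    port = start_stub_server(recv_timeout=2.0)
    print("closed after (s):", probe_idle_close("127.0.0.1", port, 10.0))
```

Against a real virtual server, call `probe_idle_close` with its address and a `max_wait` somewhat larger than the configured `tcp-recv-timeout`; a `None` result means the idle session was not closed within that window.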
